The Australian Crypto FAQ

Last Updated: 30 April 2005

Scope

This FAQ provides information
about the laws, policies and politics related to cryptography
usage and export in Australia. By way of background, it also
contains some basic information about why people use cryptography
and the technology of cryptography software.

The original Australian Crypto
FAQ was prepared by Glenn Pure <Glenn.Pure@pcug.org.au> and
Greg Taylor <gtaylor@efa.org.au> in 2001, and the FAQ was
updated & revised in 2004 by Nick Ellsmore
<nellsmore@efa.org.au>.

Cryptography, in its classic
form, is a technology used to "scramble" information
into an unreadable form. A newspaper cryptogram is a simple
form of cryptography, although one which is trivially easy to
break. Computers have revolutionised cryptography and have
enabled incredibly powerful ciphers to be deployed.

Computer ciphers have two chief
components: a method (or algorithm) and a key. The two are used
together to encrypt a message or file. The algorithm is public
but the key is kept secret. Anyone who has the key can use the
decryption algorithm for the cipher to unscramble a message or
file. The key is usually just a big number.

Ciphers come in several
different types. The two main ones of interest are:

secret
key cryptography - this is also called symmetric
cryptography because the same key is used for encryption and
decryption. Common symmetric algorithms include DES,
Triple-DES (3DES), IDEA, and the Advanced Encryption Standard
(AES), Rijndael.

public key
cryptography - this is also called asymmetric
cryptography because different keys are used for encryption and
decryption. Public key systems usually rely on key pairs, one of
which is the public key which can be given to anyone and the
other being the private key which must be kept a secret by its
owner. Asymmetric encryption algorithms include RSA,
El-Gamal, and Elliptic Curve.

Computer cryptography is
already in widespread use, although not many people may realise
this. Common applications include:

encryption
of email sent over the Internet for confidentiality and
integrity – ensuring that there has not been tampering
with the message in transit

encryption
of files stored on computers - again to protect their
confidentiality

public
key cryptography forms the basis of digital
signatures which are an essential part of Internet
electronic commerce and provide for message integrity and
authentication

provision of
encrypted communications links between geographically diverse
offices of an organisation, or between organisations, to provide
secure communications and assurance that each site is talking to
the correct party at the other end

Cryptography is now an
essential tool for many businesses and governments to protect
valuable confidential information both when it is stored in their
computer systems and when it is transmitted from one location to
another over public networks. Without cryptography, it would be
very difficult or very expensive to protect this information. For
individuals, it is an extremely valuable tool to protect private
information or communications.

Sophisticated cryptographic
software is readily available now to virtually anyone who wants
it, and often at little or no cost. It is readily and legally
available from sites on the Internet hosted in a variety of
countries. Much of this software is extremely powerful, to
the point where it would be difficult, time consuming and
expensive – if not impossible – for many governments
or their defence agencies to retrieve the original message
without access to the key.

Historically, the greatest use
for cryptography has been in the military. As a result,
cryptography was carefully restricted by governments and their
military intelligence organisations, which meant that it was easy
for governments to 'control' the privacy of individuals and
accessibility of communications. In doing so, governments could
be fairly confident that an intercepted communication could be
understood because very few people used encryption.

The wide availability of strong
cryptography has fundamentally shifted the power base.
Individuals & friends can now control their own
privacy if they so desire. Governments and their law enforcers
are uncomfortable about this recent shift in power. In response,
the governments in some countries have attempted to control
access to strong cryptography. However, this is by no means a
practical solution. The reality is that cryptography is an
essential tool for honest businesses and individuals to protect
commercial and other information stored electronically or
transmitted over networks (including the Internet) - which is how
business is being increasingly conducted today.

3. What restrictions are in place to limit use of crypto in Australia?

There are currently no
direct controls limiting the import of cryptographic
software or hardware to Australia, nor for the domestic use
of cryptography within Australia (export
of cryptographic technology is a different story). Even so,
there are some limits in place or currently planned which can
have a similar effect.

The purpose of the bill
was to amend several existing Acts including the
Telecommunications
(Interception) Act 1979. The amendments implemented
requirements for carriage service providers (CSPs) to provide, at
the CSP's expense, access to any data or communications which
they transmitted for their customers. CSPs include a wide
range of telecommunications service providers including telephone
service providers and Internet Service Providers (ISPs).

Importantly, the amendments
required the CSP to decrypt any data which the CSP was
responsible for encrypting for a customer. The legislation
did not require the CSP to decrypt data or messages which the
customer personally encrypted - ie encryption which did not
involve the CSP.

Nevertheless, end-user
encryption is often easy to perform, especially for
computer-generated messages such as email. Software packages are
readily available for this purpose. Telephone and fax can
also be encrypted by end-users, but this generally requires a
hardware black box from a commercial supplier. As
Voice over IP (VoIP) uses standard Internet protocols, it can
also be encrypted using readily available software packages.

Prior to the November 1997
amendments, the government still had mechanisms for gaining
access to the plain text of any data or messages encrypted by a
CSP. The government could withhold the approval for any new
telecommunications service which a CSP proposed to supply unless
the service was capable of providing access for authorities to
the plaintext of any message. A recent example of the application
of this was the rollout of Telstra's revamped ISDN OnRamp
service in 1997. Availability of the new service was delayed
until systems were in place for interception of any traffic
transmitted using this service. A similar delay occurred with the
introduction of GSM mobile phones.

While encryption can be
used freely within Australia, the Cybercrime
Act 2001 includes provisions for law enforcement to compel
the disclosure of encryption keys, passwords, and any other
details necessary to obtain evidence in a protected or encrypted
state. Penalties up to and including imprisonment can be
imposed if a person does not comply with such an order.
This reverses the situation prior to the introduction of the Act,
whereby a user could refuse to provide encryption keys necessary
to decrypt data if such an act would result in incriminating
oneself.

4. Does the Australian government have a current public policy on domestic use of crypto?

There has been silence
from the federal government for some time on broader cryptography
policy. Activity in this area tends to occur via the
executive arm of Government, particularly the Defence Signals
Directorate (DSD), which has been active recently in updating the
associated regulations.

In 1996, the Federal Government
did make substantial steps towards developing a policy on the use
of cryptography in Australia. A report was commissioned from Mr
Gerard Walsh, a former deputy head of the Australian Security
Intelligence Organisation (ASIO). On one side of the debate is
the argument that free access to cryptography by the general
public enables them to fulfil their right to protect the privacy
of their communications, including commercially valuable data. On
the other side, the government argues that it needs to control
the use of cryptography to enable eavesdropping on phone calls,
email etc, as well as access to data stored on seized computer
systems as part of its law enforcement activities.

The planned release of
the Walsh Report for public comment was withheld by the
Attorney-General's department. EFA eventually obtained a
redacted copy of the report under the Freedom of Information
(FOI) Act and has published
it on the EFA Web site. As indicated on the Walsh
Report pages of the EFA site, subsequent to the FOI release, an
uncensored version of the document was obtained, and the
previously unavailable material was added to the site and
highlighted.

The Walsh Report comes out in
favour of free access to cryptography by the public. The
conclusions in the report are especially interesting in view of
Mr. Walsh's background with ASIO. Some have suggested that the
report was withheld because it did not reach the "right"
conclusions that use of cryptography should be restricted.
The status of current thinking in the government is unknown.
Subtle changes to the regulatory regime around the export of
cryptographic software and hardware have occurred over the last
few years, however these have not been explained in the context
of any broader policy in this area.

5. Who are the current users of crypto domestically and why is it significant?

Cryptography has now matured to
the point where individual computer users are commonly using
the technology to ensure their privacy and security. The
Office of the Federal Privacy Commissioner (OFPC) has released
guidance notes recommending that users implement encryption
software as a “Privacy Enhancing Technology”.

In addition to home users,
major users of cryptography in Australia exist both in government
and business. In the business community, cryptographic software
is used very widely, with industries such as banking &
finance, insurance, telecommunications, and health & welfare,
using the software as a crucial part of their information
security and privacy strategy.

Many widely
deployed software applications include cryptographic
capabilities. All popular Internet browsers, such as
Microsoft Internet Explorer, Netscape Navigator, Mozilla Firefox
and Opera, provide such capability, to allow for secure
electronic commerce.

For email encryption and
digital signatures, the current de facto standards are PGP
(Pretty Good Privacy), for which an open-source version known as
GPG is also available, and S/MIME which has been integrated into
most mainstream e-mail packages. There is also a wide range
of other commercial, shareware and freeware software available
for file or message encryption, and digital signatures.

6. What crypto resources are available to domestic users?

A large amount of
software is available as freeware or shareware from Internet
sites and computer bulletin boards. A good example is
Pretty Good Privacy (PGP)
which is widely used for email encryption and digital signatures,
and variants such as the GNU
Privacy Guard (GnuPG). When downloading cryptographic
software, it is important to ensure that the software has not
been ‘weakened’ as a result of the export laws in the
country of origin.

Within Australia,
encryption software can be freely used and exchanged within
national boundaries. A number of local
firms also produce cryptographic software and hardware.

Until a few years ago,
most available versions of Internet browsing software were
limited to providing 40-bit encryption – a
level that is widely accepted as being inadequate for sensitive
transmissions. However, with easing of export
restrictions in the USA, most versions of Internet browsing
software are now not only capable of 128-bit encryption, but a
large number of Internet sites will not accept connections using
only 40-bit encryption.

A number of open source
crypto “toolkits” are available, with one of the best
known being OpenSSL.
OpenSSL is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit
implementing the Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library. The OpenSSL home page
is http://www.openssl.org
and contains a large amount of valuable material both for
developers, researchers, and end users of cryptographic systems.

7. What impact have US export controls on crypto had on Australian usage?

The large market share of US
computer software and hardware developers also places them in the
front seat for controlling computing and network standards. Since
cryptography requires both the sender and the receiver(s) to
communicate using the same protocols (ie standards), any US
limits on cryptography might affect standards, which in turn
might affect the types or strength of encryption available to
users in many other countries including Australia.

The US limits have had an
effect in Australia, but in an indirect way to date. Because of
the large international market share held by some US software
companies, many of the products of these firms have become
de facto standards. Cryptographic modules are an important part of
some software packages. Internet web browsers provide a good
example. The most widely used browser in the world is Internet
Explorer (Microsoft), which was developed in the US and contains
cryptographic components that can be used for secure Internet
communication (for example to make a credit card purchase over
the Internet). In the past, exported versions of this browser
contained severely weakened encryption in order to comply with
the export controls.

Over time the US has
considerably eased the restrictions in place with respect to
export of cryptographic software. The most recent easing
has resulted in:

Any crypto of
any key length can be exported under a license exception, after a
technical review, to non-government end users in any country
except specified
“terrorist countries” (at the date of writing,
six countries were specified: Cuba, Iran, Libya, North Korea,
Sudan, and Syria). Exports to governments can be approved
under a license.

Retail crypto
(crypto which does not require substantial support and is sold in
tangible form through retail outlets, or which has been
specifically designed for individual consumer use) of any key
length can, after a technical review, be exported to any
recipient in non-terrorist countries.

A license
exception is introduced for export of any crypto product to any
end user (government or non-government) in the 15 EU countries,
Australia, Czech Republic, Hungary, Japan, New Zealand, Norway,
Poland, and Switzerland. Such crypto (of any key length)
can be exported to these countries prior to the technical review
being completed, so long as the technical review has been
registered with the Bureau of Industry & Security.

An additional impact of the US export
controls has been the encouragement provided for development of
cryptographic products to occur outside the US. RSA have a
development lab in Queensland, SSH was developed in Finland,
Checkpoint is based in Israel, and there are many other examples.

8. What laws or restrictions exist regarding export of encryption products from Australia?

These controls are
administered by the Defence Trade Control and Compliance
(DTCC) Section within Industry Division of the Defence Materiel
Organisation who have the authority to approve permits and
licenses. Those goods which require a Defence permit or license
are listed in the “Defence and Strategic Goods List”
(DSGL). The Australian controls are based
on the international Wassenaar Arrangement. Evaluation of
license applications is carried out by Defence
Signals Directorate, who provide technical advice to Defence
Trade Control and Compliance, Australia's licensing
authority.

In the Defence
and Strategic Goods List issued in October 2003, it is
indicated that Australian export controls do not apply where
software/hardware meet all of the following conditions (known as
the “Cryptography Note” in the DSGL):

a. Generally available to the public by being sold, without
restriction, from stock at retail selling points by means of any of
the following:
1. Over-the-counter transactions;
2. Mail order transactions;
3. Electronic transactions; or
4. Telephone call transactions;

b. The cryptographic functionality cannot easily be changed by the
user;

c. Designed for installation by the user without further substantial
support by the supplier; and

d. When necessary, details of the goods are accessible and will be
provided, upon request, to the competent authorities of the
Member State in which the exporter is established in order to
ascertain compliance with conditions described in paragraphs a.
to c. above.

In Australia, first time
exporters have been required to submit a “One-Time Review
Application Form” to comply with part ‘d’
above. This form appears to have been removed from the
Internet and it is suggested that prospective exporters contact
Defence Trade Control and
Compliance (DTCC) for details. If the goods are
assessed as controlled items, applicants are required to lodge an
Export
Application Form.

An exception to the rules is
the Personal Use Exemption, which allows encryption software to
be taken out of the country under defined conditions, e.g.
installed on a notebook computer. No permit is required in this
case. There are also exemptions for authentication-only products
and limited application devices such as ATMs and smartcard
readers as well as a broader exemption for the banking &
finance industry.

The full name of this
international agreement is The Wassenaar Arrangement on Export
Controls for Conventional Arms and Dual-Use Goods and
Technologies. The Dual-Use section of the Arrangement forms
the basis for most national controls over the export of
cryptography products. It does not have treaty status in
Australia. A copy of the Wassenaar Arrangement is available from
the Wassenaar Secretariat
site in Vienna.

The
Wassenaar Arrangement is the successor regime to the
Co-ordinating Committee for Multilateral Export Controls (COCOM)
established by NATO in 1949 to control the export of military
equipment and dual-use technologies to Warsaw Pact states.
Negotiations to establish a successor regime to COCOM commenced
in 1993 and COCOM was terminated in March 1994.

The
basic objective of the Wassenaar Arrangement is to prevent the
acquisition of conventional arms and sensitive dual-use
technologies for military end-uses by States whose behaviour is,
or becomes, a cause for serious international concern. It is
designed to complement existing weapons control and
non-proliferation regimes (the Missile Technology Control Regime,
the Nuclear Suppliers Group and the Australia Group) and is not
intended to impede bona fide civil transactions.

The Wassenaar Arrangement (WA) controls
are contained in the munitions list and the dual-use goods and
technology list. Encryption software is
controlled under Category 5 (Part 2) on the List of Dual-Use
Goods and Technologies. Refer to the Australian
Controls on the Export of Defence and Dual-Use Goods for more
detailed information.

10. What conditions must be met to obtain an export license?

The
Instruction
Sheet for the Export Application Form details the
requirements for completing the application for an export licence
or permit. The one-time review of cryptographic goods has
previously involved the provision of technical
specifications and/or brochures that accurately describe the
equipment, goods or technology. It is not clear as to the
specifics that are examined in a review, other than assessing
compliance to the Cryptography Note:

b. The cryptographic functionality cannot easily be changed by the
user;

c. Designed for installation by the user without further substantial
support by the supplier

However, information
gleaned from various sources indicates that:

Applications
for export to specific end users in "friendly"
countries have a good chance of approval.

Applications
for products using well known cryptographic algorithms and
common key-lengths present few problems.

Export via the Internet is
regarded as requiring a license, even though the Customs Act
does not appear to cover "intangibles".

11. Is there a significant domestic industry making crypto products and where can I find them?

A significant and growing part
of the burgeoning IT sector in Australia is involved in the
development of general and special purpose cryptography and
information security products.

A list
of known suppliers is provided as an appendix to this FAQ.
This list is made available for general information purposes only
and is not intended to be an endorsement of the quality or
suitability of any product for its intended purpose.

12. What standards exist for use of crypto in Australia and internationally?

A wide range of standards exist
both for the mathematical algorithms used in an encryption
system, and for the way those algorithms are applied.

Algorithms

The Data Encryption
Standard (DES) is a 56-bit key algorithm adopted as a FIPS
standard in the late 1970s, however this FIPS accreditation was
removed in 2004 as the integrity of the ageing algorithm was
compromised. DES remains widely used in the banking and
financial sector, however has
been exposed as vulnerable to a brute-force attack using a
purpose-built computer. Very few new deployments within
critical industries such as banking & finance use the DES
algorithm and within Government the DSD have indicated that the
algorithm will no longer be acceptable after 1 January 2005.
However, a variant known as “Triple DES” (3DES),
effectively using a 168-bit key, has extended the lifespan of the
algorithm considerably. Many new system deployments are
using the Advanced Encryption Standard (AES), Rijndael, which was
explicitly selected as the next generation standard to replace
DES & 3DES.

Applications / Uses

The following standards take
encryption algorithms such as those mentioned above, and apply
them to meaningful business problems. In turn, the use of
the algorithms in such a fashion, itself becomes a standard.

SSL/TLS: An important
existing protocol is the Secure Sockets Layer (SSL). This
is not an official standard but is widely used in major Web
browsers to conduct encrypted exchanges over the Internet. TLS
(Transport Layer Security) which is the successor to SSL is an
official standard of the IETF.
Generally speaking, when shopping or banking on the Internet,
when the ‘padlock’ appears in your Internet browser
window, SSL or TLS encryption is being used.

SSH (Secure Shell): A
secure alternative to insecure protocols such as Telnet and FTP.
While these protocols transmit user ID and password information
in an unencrypted form, SSH establishes an encrypted connection
similar to SSL, prior to sending any authentication data.
Similarly, SCP (Secure Copy) provides a secure version of the
‘rcp’ protocol, through a Secure Shell.

IPSec (Internet
Protocol Security): A standard for security at the network or
packet processing layer of network communication. Earlier
security approaches have inserted security at the application
layer of the communications model. IPSec is especially useful for
implementing virtual private networks and for remote user access
through dial-up connection to private networks.

PGP
(Pretty Good Privacy): A proprietary product that is very
widely deployed and has become a de facto standard for e-mail and
file encryption. A number of open-source implementations of
the PGP product have also been developed, including GNU
Privacy Guard (GPG).

S/MIME: A
non-proprietary approach to e-mail encryption, also widely used
and integrated by default into most major e-mail clients.
Both PGP and S/MIME have been formally endorsed as industry
standards.

The suite of communications
standards called X.509 has some encryption 'components', notably
a specification for public key certificates which provide a means
for storing and transmitting the public cryptography keys along
with the identity of their owners.

13. What is key recovery and why is it causing a fuss?

A number of governments,
including those in the US and UK, have proposed key escrow or key
recovery schemes. The aim of the schemes is to allow authorised
officials to decrypt intercepted messages. Law enforcement and
intelligence agencies argue that without this ability, criminals
can abuse cryptography to conceal illegal activity from the law.

Under key escrow, it would be
mandatory for everyone using encryption products to provide a
copy of their key to the government for law enforcement access.
Under key recovery, the key would be kept by a third-party,
generally a commercial service provider. Both systems generally
claim that keys and/or plaintext would only be available to law
enforcement with a court warrant.

The basis of key escrow and key
recovery is that all encryption keys are stored in key
repositories where government officials can obtain copies of them
for use in decrypting messages. There are significant privacy
concerns with this approach. There are also major risks in having
large numbers of keys stored in central locations. Honest
mistakes, corruption and criminal hacking all pose major threats.

A recent
report by an ad hoc group of cryptographers claims that key
escrow and key recovery schemes represent grave security risks
and are technically unworkable, particularly for ephemeral
session keys.

14. What is a digital signature?

A digital signature is a block
of text appended to a message which has some special properties:

it
depends on the contents of the message, so if the message
changes, so will the signature. If the message changes
after it is signed, the signature will be invalid and the
recipient will be alerted to the message having been tampered
with

it
can only be generated by the sender and would be very difficult
for anyone else to forge

it can easily be verified
by the receiver, providing assurance of the origin of the
message, and the integrity of the message content

Digital signatures are based on
public key cryptography. Public key cryptography relies on each
user having two related keys. One is the private key and must be
kept a secret. The other is the public key and it can be given to
anyone. A sender uses their private key to encrypt the
digest of the message being sent. (The digest is a
specially generated number which depends on the entire contents
of the message. Special cryptographic functions called hash
functions, such as MD5 and SHA-1, are used to generate
the digests.)

The signature can't be forged
because the sender's private key is only known to them. Anyone
who has that person's public key can decrypt the signature and
compare the result with their own digest of the message to prove
that it matches the digest that the sender 'signed'.

As these signatures have the
capacity to identify the “sender” of a message, they
can also effectively be used as authentication credentials in
place of a password.

A more detailed
explanation of a digital signature can be found in the
cryptography
FAQ.

15. What is a public key infrastructure and why is it important?

Public key cryptography
requires a user to possess two keys - a private key which must be
kept secret and a public key which is usually posted in a public
place where other users can obtain a copy of it (see the
cryptography
FAQ for an explanation of public key encryption and digital
signature systems). In short, the purpose of a PKI is to
provide the necessary regulation and structure around an
encryption system, such that when a digital signature is used
that claims to belong to “Person A”, the recipient of
the signature has reason to believe that “Person A”
has been correctly identified, has managed their key securely,
and uses the key in good faith.

The participants in a PKI –
including “Certification Authorities” (CA) who issue
digital certificates – complete a wide range of tasks
including:

They
must have a means for providing confidence that a particular
public key belongs to a particular user. The way this is usually
done is for the person who wants to lodge their key to show up
in person at an office of the CA and produce proof of their
identity. The CA will then take their public key and digitally
sign it with the CA's own key (in a tamper-proof way) to prove
that the CA has verified the key belongs to its correct owner.

CAs
must have a way of revoking certificates if a user happens to
lose or compromise their private key (just as a credit card
owner who loses their card needs to cancel it as quickly as
possible). The most common way this is achieved is through
a “Certificate Revocation List” (CRL).

They must store old
digital certificates so that for example, in the event of a
dispute at some time in the future, the old public key can be
retrieved and used to settle the dispute.

The development of PKIs around
the world is in its infancy and a number of different models are
being used. Some models are relatively simple and require the key
owner to take responsibility for key revocation and key
archiving. Other systems provide a full range of services to
users.
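The signing mechanism described in question 14 and the CA step of question 15, as an added example that is not from the FAQ or from EFA: a toy textbook RSA (no padding) "encrypts" a SHA-256 digest with the private key, the receiver "decrypts" it with the public key and compares digests, and a CA key signs a user's public key into a minimal certificate that a relying party checks against a revocation list. The names, serial numbers and sample message are constructed; SHA-256 stands in for the MD5 and SHA-1 named on the page, neither of which is collision-resistant today, and real deployments add signature padding (PKCS#1 v1.5 or PSS), use X.509 certificates and rely on a vetted library rather than code like this.

```python
import hashlib
import secrets

# Constructed toy for illustration only (not the FAQ's or any project's code):
# textbook RSA with no padding, plus a minimal certificate and CRL.
# Real systems use PKCS#1 v1.5/PSS padding, X.509 and a vetted library.

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test with random witnesses."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:          # write n - 1 as d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # this witness proves n composite
    return True

def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit and low bit forced on)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_keypair(modulus_bits=1024):
    """Return ((n, e), (n, d)): the public key and the private key."""
    e = 65537
    while True:
        p, q = random_prime(modulus_bits // 2), random_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))   # d = e^-1 mod phi

def digest(message):
    """The message digest the FAQ describes, as a 256-bit integer (< n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(private_key, message):
    """'Encrypt' the digest with the private key (the FAQ's description)."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(public_key, message, signature):
    """'Decrypt' the signature with the public key; compare with own digest."""
    n, e = public_key
    return 0 < signature < n and pow(signature, e, n) == digest(message)

def cert_bytes(serial, subject, public_key):
    """Canonical encoding of what the CA vouches for."""
    n, e = public_key
    return f"{serial}|{subject}|{n}|{e}".encode()

def issue_certificate(ca_private, serial, subject, public_key):
    """After identity proofing, the CA signs the subject's public key."""
    return {"serial": serial, "subject": subject, "public_key": public_key,
            "ca_signature": sign(ca_private,
                                 cert_bytes(serial, subject, public_key))}

def check_certificate(cert, ca_public, crl):
    """Valid only if the CA signature holds and the serial is not on the CRL."""
    if cert["serial"] in crl:
        return False
    data = cert_bytes(cert["serial"], cert["subject"], cert["public_key"])
    return verify(ca_public, data, cert["ca_signature"])

def verify_signed_message(cert, ca_public, crl, message, signature):
    """Relying party: trust the CA, check the cert, then check the message."""
    return (check_certificate(cert, ca_public, crl)
            and verify(cert["public_key"], message, signature))

if __name__ == "__main__":
    ca_pub, ca_priv = generate_keypair()
    person_a_pub, person_a_priv = generate_keypair()
    cert = issue_certificate(ca_priv, 1, "Person A", person_a_pub)
    msg = b"constructed sample message"
    sig = sign(person_a_priv, msg)
    print("genuine: ", verify_signed_message(cert, ca_pub, set(), msg, sig))
    print("tampered:", verify_signed_message(cert, ca_pub, set(), msg + b"!", sig))
    print("revoked: ", verify_signed_message(cert, ca_pub, {1}, msg, sig))
```

A relying party that skips the CRL check, or trusts a certificate whose subject field was altered after issue, is exactly the failure the CA signature and revocation list exist to catch, which is why both checks come before the message signature is examined.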

16. What progress has been made in Australia in setting up a public key infrastructure?

A number of international
Certificate Authorities, operated by private companies, are
available for use in Australia. These include Verisign,
CyberTrust and Thawte
(who have established a ‘web
of trust’ to provide for localised verification of
identity).

The Australian federal
government itself progressed the establishment of a public key
infrastructure for its own use. This initiative, called
Gatekeeper,
is managed by the Department of Finance & Administration.

The
Government is working towards the implementation of an Australian
Government Authentication Framework (AGAF) that provides a
whole-of-government approach to authentication. The Australian
Government recognises that different authentication techniques
are needed for different types of transactions, depending on how
much risk is involved. The AGAF aims to ensure that Australian
Government agencies apply a consistent approach when making
decisions about appropriate authentication methods. The AGAF will
ensure that Australian Government agencies implement
authentication mechanisms that correspond with the level of risk
in the transaction.

17. What is EFA policy on encryption?

Electronic Frontiers Australia
(EFA):

supports
the widespread availability of strong crypto.

opposes
government-mandated key escrow or key recovery.

opposes export controls on
cryptography products.

EFA's position is based on the
following observations:

the
current export controls are a failure because strong
cryptography software is already widely available throughout the
world.

Australia
is one of the few countries in the world that refuses to apply
the Wassenaar Arrangement General Software Note waiver to the
export of mass market and public domain crypto software.

the
current regulations impose unnecessary constraints and costs on
business while doing little to achieve their aim of restricting
availability of cryptographic software.

the
key escrow and key recovery concepts currently encouraged as
unofficial policy are fundamentally unworkable and a risk to
data security.

no
objective case for the benefits of imposing such controls has
been made public.

current
regulations are stifling Australian initiatives in developing
secure communications protocols.

the restrictions on
deployment of strong cryptography increase the risk of criminal
or terrorist attack on vital infrastructure such as banking,
electricity supply etc.

18. What is the policy of other industry organisations?

Almost all major national and
international organisations involved in the information industry
have publicly supported the relaxation of strict controls over
the use and export of encryption products. Among these are: